In immediate danger? Call 000 · CrisisFlare is not an emergency service · Leave this site
CrisisFlare Open CrisisFlare →

This is a reference copy of a page from the CrisisFlare app, for readers and search engines without JavaScript. The interactive service — including its privacy protections like Quick Exit — is at crisisflare.org.

Privacy Policy

How CrisisFlare collects, uses, protects, and deletes personal information — in plain language, with the real numbers.

Version 1.0 — 7 July 2026 · wording last updated 11 July 2026. This policy is in force now and reflects how CrisisFlare actually works today. It is written to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and is awaiting independent legal review — anything marked “to be confirmed” will be settled in that review. If we change how the service works, we update this page first.

1. Who we are

CrisisFlare (crisisflare.org) is a free, not-for-profit service that helps people in crisis find and connect with support services in Australia. It is currently operated by its founder, Graham Huf, while incorporation as a registered charity is completed [legal entity and ABN to be confirmed on incorporation].

CrisisFlare handles health-related and other sensitive information, so we operate on the basis that the Privacy Act and all 13 Australian Privacy Principles apply to us in full, and we hold ourselves to them [whether the Act binds the current entity as a matter of law is being confirmed in legal review].

Privacy contact: [email protected].

2. Our privacy promise

3. Anonymous by design

You can browse, answer the questions, and see matched services without an account, a name, an email, or a phone number. There is no sign-up for people seeking help.

If you raise a flare (a request for help), our systems create an anonymous session — a random identifier that lets your own device see your flare. It contains no name or contact detail. To pick things up on another device you can use a one-time resume code: we store only a cryptographic fingerprint (hash) of that code, never the code itself. A code stops working after 30 days, and its stored fingerprint is removed when you issue a new code or delete your data. Treat the code like a key: anyone who has it can see the flares it links to.

4. What we collect

If you are seeking help — on your device only (until you choose to share): your answers in the “find help” questions are saved on your own device so your search works, and are not stored in our database. They can include sensitive information — about your safety and family-violence circumstances, health, mental health, alcohol or other drug support needs, whether you are Aboriginal or Torres Strait Islander, LGBTQIA+ status, children with you, your suburb or postcode, and an optional note in your own words. You can skip any question. We only collect sensitive information you volunteer, and only use it to match you with the right kind of support (we rely on this as the consent the Privacy Act requires for sensitive information). “Quick exit” (or pressing Esc) instantly leaves the site and erases this from the device.

Two things are processed by our systems during the questions, transiently and without being stored: the postcode you type is sent to our suburb lookup (via Australia Post) to suggest suburb names, and the optional note — if you type one — is read once by an AI service to improve your matches (see section 7). Both travel without your name or contact details.

If you raise a flare, we collect and store: the kind of help you need, your area (stored as you type it — please keep it to a suburb or postcode, never a street address), a short summary in your words, general “who this is for” tags (for example women, families, young people), and — only if you choose to add them — a first name and one way to contact you. Your separate search radius and search postcode are used momentarily to work out which services are in range and are not stored.

If you message a service through CrisisFlare, we store those messages so the conversation works.

If a support worker is helping you, they may enter information on your behalf — this must only ever happen with your knowledge and agreement.

If you represent a partner service organisation: we collect your work email, a password (stored only as a secure hash), your multi-factor authentication enrolment, your organisation’s name and ABN, and — for verification — a contact name and email (please make sure that person knows you are providing their details) and any notes you provide. We check the ABN against the Australian Business Register. We never use an ABN or any other government identifier as our own identifier for a person; ABNs are used only to verify organisations.

If you register interest in supporting CrisisFlare (the “Support us” page): we collect the name, email, supporter type, and any message you choose to leave — used only to talk with you about supporting CrisisFlare, and you can opt out at any time (email [email protected] and we’ll remove you).

Our public service directory lists organisations, not individuals: it is built from the public ACNC Charity Register (used under its CC BY 3.0 (AU) licence) and details published on charities’ own websites (phone, email, hours — recorded with their source, never invented, and re-checked on a regular cycle). Charities can opt out of emails from us, and we honour it. Where a sole trader’s ABN or a published contact identifies a person, we treat it as personal information.

Technical information: like every website, network traffic (including IP addresses) passes through our infrastructure providers to deliver the site. We do not use IP addresses to identify people who use CrisisFlare, and we run no third-party analytics, no tracking cookies, and no fingerprinting — our security settings actively block them and we suppress referrer information. Our own application sets no cookies on the person-facing site; our security provider (Cloudflare) may set a short-lived security cookie if it challenges suspected bots.

Anonymous usage counts: to see what people need and fix the gaps, we count how the site is used — in anonymous totals only. For example: “a search for housing in NSW found no results.” These counts contain no name, no contact detail, no IP address, no device or session identifier, and no free text — search words are reduced to our fixed category list before counting, so nothing you type is stored. They cannot identify you or reconstruct anyone’s visit. Raw daily counts are deleted within about 35 days; only the aggregate totals (kept up to 24 months) remain. We also review our security provider’s network-level traffic statistics (such as total page views and the share of automated “bot” traffic) — figures about the site as a whole, not about any person.

5. How we hold and protect information

Our database and authentication run on Supabase in Sydney, Australia (region ap-southeast-2). Website delivery and our small server functions run on Cloudflare.

If something goes wrong: we operate under a documented data-breach response plan built to the Notifiable Data Breaches scheme (being finalised in legal review). We assess any suspected breach promptly (within 30 days at the outside, aiming for far less) and notify the OAIC and affected people when required. Because our users include people at risk of violence, we treat any exposure of the identity or location of a person at risk as serious from the start — no one has to prove harm first, and we design notifications so they don’t create new danger (for example, on a monitored device).

6. Why we collect information

We collect and use personal information to: match you with services that fit your situation and have capacity; let you raise an urgent request for help; connect you with a service you choose; pass messages between you and that service; verify partner organisations; keep the service safe (preventing abuse and misuse); and understand service coverage and how the site is used — using de-identified, area-level records and anonymous usage totals only.

We do not sell personal information, use it for advertising, or use it for any marketing to people seeking help. When we email service organisations about joining CrisisFlare, we follow the Spam Act — we identify ourselves, contact published organisational addresses about directly relevant matters, and honour opt-outs immediately.

7. AI-assisted matching (automated processing)

One feature uses AI: the optional “anything else” note in the find-help questions. If you type something there, it is sent once to our AI provider (Anthropic) so their Claude model can suggest which of our fixed support categories your words describe — for example recognising “I can’t pay my electricity bill” as a need for financial help.

We disclose this automated processing voluntarily, ahead of the Privacy Act’s automated-decision transparency requirements commencing in December 2026.

8. When we share information

With a service you choose: until you consent, a service sees only a de-identified summary — the kind of help needed, the area, and your words in the summary. It cannot see who you are. One thing to know: your summary is shared exactly as you wrote it, so it’s best not to put your name or address in it (we say this on the form too). Your name and contact detail are revealed only after that service offers to help and you accept — and you can revoke that consent at any time, or block the conversation.

With our service providers: the providers listed in section 9 process limited data for us (hosting, email, the AI note, postcode lookup). They act under their own strict terms and do not get free use of your information.

If the law requires: if we are compelled by law (for example a court order), we share the minimum required and we push back on over-broad requests. Our strongest protection here is design: the safest record is one we never kept — which is why so little is stored, for so short a time.

Never: we never sell personal information, and we never share it for advertising.

9. Overseas disclosure (where data goes)

Our primary data store — everything in section 4 that we hold — is in Australia (Sydney). The providers we use, and where they process data:

Where a provider processes personal information outside Australia, we take reasonable steps under APP 8 — minimising what is sent (as described above) and relying on providers’ contractual data-protection commitments [the precise APP 8 mechanism is being confirmed in legal review]. Some providers (Cloudflare, Google) operate global networks, so traffic and email may also transit other countries.

10. How long we keep things (and how to delete everything now)

Delete everything, right now: in My flares choose “Delete all my data”. It permanently and immediately deletes — from our live systems — every flare linked to your session or resume code, your encrypted contact details, your messages, and your resume codes. Copies inside our encrypted backups are deleted automatically as old backups are replaced, and audit entries (which never contain your name, contact, or words) are kept per the audit-log line above. Our audit log records the deletion itself as a de-identified count. These retention periods are our operating settings and are marked for confirmation in legal review; deletion on request always overrides them.

11. Access, correction, and export

You can ask us for a copy of the personal information we hold about you, ask us to correct it, or ask us to delete it — free of charge. Email [email protected]. We aim to respond within 30 days; if we ever refuse (for example, a legal hold), we will explain why in writing. If you need this policy in another format (for example plain text or printed), email us and we’ll provide it.

We also take reasonable steps to keep information accurate and up to date: directory listings carry their source and are re-checked on a regular cycle, and we correct anything you tell us is wrong.

One honest quirk of anonymity: because we don’t know who you are, we may need your resume code to find the data that is yours — it is the only link between you and your flares. Without it, we often genuinely cannot locate your records (which is by design).

12. Complaints

If you think we’ve mishandled your information, email [email protected]. We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.

If you are not satisfied, you can complain to the Office of the Australian Information Commissioner (OAIC)oaic.gov.au, phone 1300 363 992, or by post — the current postal address is listed at oaic.gov.au.

13. A note if you are experiencing violence

If you are in immediate danger, call 000. For confidential family-violence support call 1800RESPECT (1800 737 732).

The Quick exit button (or pressing Esc) leaves this site instantly and clears it from the device. On a shared or monitored device, consider private browsing and clearing your history afterwards. We only ever store your area — never your exact location — and we never reveal your identity or location to a service without your consent. Known confidential refuge locations are excluded from this site entirely, and we progressively re-review legacy listings.

14. Children and young people

CrisisFlare can be used by young people seeking help, and by support workers helping someone of any age. We deliberately do not demand identity or age documents — for someone fleeing harm, a barrier is a risk. We apply the same minimal-collection and consent protections to everyone, and the questions are written in plain language. Consistent with OAIC guidance, we treat a young person as able to consent for themselves when they have the capacity to understand what they are agreeing to (generally presumed from around age 15). Our full approach to consent and capacity for people under 18 is [being finalised with legal review], and we are designing for the Children’s Online Privacy Code as it lands.

15. Changes to this policy

When we change how CrisisFlare handles personal information, we update this policy first and change the version line at the top. Material changes will be flagged on the site. Version 1.0 — 7 July 2026 · wording last updated 11 July 2026.

See also: Collection Notice (what we tell you at the moment we collect information) and the plain-language privacy overview.

AboutContactPrivacy overviewPrivacy PolicyCollection noticeTerms of UseDisclaimer · CrisisFlare — free, not-for-profit crisis support connector